package student;

import admin.Connectmysql;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.annotation.*;
import java.io.IOException;
import java.sql.ResultSet;
import java.sql.SQLException;

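/**
 * Handles the student login form posted to {@code /student/loginProcess}.
 *
 * <p>On a credential match the student's profile columns are copied into a
 * freshly created HTTP session and the browser is redirected to
 * {@code /student.jsp}. On any failure the request is forwarded back to
 * {@code /teacher_student.jsp} with an {@code error} request attribute.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The query compares the submitted password directly against the
 *       {@code password} column, so no salted server-side hash is verified
 *       here. Moving to bcrypt/scrypt/Argon2 verification needs a schema and
 *       data migration outside this class.</li>
 *   <li>The database account and password are compile-time literals and the
 *       account is {@code root}. They should come from deployment
 *       configuration (for example a container-managed JNDI DataSource) and
 *       use an account restricted to the tables this application needs.</li>
 *   <li>No throttling or lockout is applied in this servlet; unless a filter
 *       in front of it does so, repeated password guesses are unbounded.</li>
 * </ul>
 */
@WebServlet("/student/loginProcess")
public class StudentLoginServlet extends HttpServlet {

    // NOTE(security): hard-coded root credentials; see the class comment.
    private static final String DB_URL = "jdbc:mysql://localhost:3306/exam";
    private static final String DB_USER = "root";
    private static final String DB_PASSWORD = "root";
    private static final String DB_DRIVER = "com.mysql.cj.jdbc.Driver";

    /**
     * Login page, relative to the context root. getRequestDispatcher() already
     * resolves paths against the context root, so the context path must not be
     * prepended (doing so breaks the forward on any non-root deployment).
     */
    private static final String LOGIN_PAGE = "/teacher_student.jsp";

    /** Idle timeout applied to an authenticated session: 30 minutes. */
    private static final int SESSION_TIMEOUT_SECONDS = 30 * 60;

    private static final String LOGIN_QUERY =
            "SELECT student_id, student_no, name, gender, phone, email, class_id FROM student WHERE username = ? AND password = ?;";

    /**
     * Authenticates the posted {@code username}/{@code password} pair.
     *
     * @param request  the login form submission
     * @param response redirected to the student home page on success
     * @throws ServletException if forwarding to the login page fails
     * @throws IOException      if the redirect or forward cannot be written
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        request.setCharacterEncoding("UTF-8");
        response.setContentType("text/html;charset=UTF-8");

        String username = request.getParameter("username");
        String password = request.getParameter("password");

        // A missing field can never match a row; reject it before opening a
        // database connection, with the same message as a failed login.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            forwardWithError(request, response, "学号或密码错误");
            return;
        }

        Connectmysql cmysql = new Connectmysql(DB_URL, DB_USER, DB_PASSWORD, DB_DRIVER);

        ResultSet rst = null;
        try {
            if (!cmysql.open()) {
                // Previously this path wrote nothing and the user got a blank page.
                log("Student login: database connection could not be opened");
                forwardWithError(request, response, "数据库连接失败");
                return;
            }

            // Parameters are bound through placeholders, never concatenated
            // into the SQL text, to prevent SQL injection.
            rst = cmysql.executeSql(LOGIN_QUERY, new Object[]{username, password});

            if (rst != null && rst.next()) {
                // Session fixation defence: discard any session that existed
                // before authentication so the authenticated state is bound to
                // a session id issued after the credentials were checked.
                HttpSession stale = request.getSession(false);
                if (stale != null) {
                    stale.invalidate();
                }
                HttpSession session = request.getSession(true);

                // Cache the student's profile for the pages behind the login.
                session.setAttribute("student_id", rst.getInt("student_id"));
                session.setAttribute("student_no", rst.getString("student_no"));
                session.setAttribute("studentName", rst.getString("name"));
                session.setAttribute("gender", rst.getInt("gender") == 1 ? "男" : "女");
                session.setAttribute("phone", rst.getString("phone"));
                session.setAttribute("email", rst.getString("email"));
                session.setAttribute("class_id", rst.getInt("class_id"));

                session.setMaxInactiveInterval(SESSION_TIMEOUT_SECONDS);

                // sendRedirect() goes through the browser, so here the context
                // path IS required.
                response.sendRedirect(request.getContextPath() + "/student.jsp");
            } else {
                // One message for "unknown user" and "wrong password" so the
                // response does not reveal which usernames exist.
                forwardWithError(request, response, "学号或密码错误");
            }
        } catch (ClassNotFoundException e) {
            // Log server-side only; the user sees a generic message.
            log("Student login: JDBC driver could not be loaded", e);
            forwardWithError(request, response, "数据库驱动加载失败");
        } catch (SQLException e) {
            log("Student login: credential query failed", e);
            forwardWithError(request, response, "数据库查询异常");
        } finally {
            if (rst != null) {
                try {
                    rst.close();
                } catch (SQLException e) {
                    log("Student login: failed to close result set", e);
                }
            }
            cmysql.close();
        }
    }

    /** Forwards back to the login page with {@code message} as the {@code error} attribute. */
    private void forwardWithError(HttpServletRequest request, HttpServletResponse response,
                                  String message) throws ServletException, IOException {
        request.setAttribute("error", message);
        request.getRequestDispatcher(LOGIN_PAGE).forward(request, response);
    }
}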